Analysis
- Max time kernel: 179s
- Max time network: 183s
- Platform: android_x86
- Resource: android-x86-arm-20240611.1-en
- Resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240611.1-en, locale:en-us, os:android-9-x86, system
- Submitted: 14-06-2024 04:51
- Static task: static1
- Behavioral task: behavioral1
  Sample: a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk
  Resource: android-x86-arm-20240611.1-en
- Behavioral task: behavioral2
  Sample: a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk
  Resource: android-x64-20240611.1-en
General
- Target: a80e800b3cbf913beb0640e52aed4748_JaffaCakes118.apk
- Size: 11.4MB
- MD5: a80e800b3cbf913beb0640e52aed4748
- SHA1: bc8033b80ddbfa77fd2e7918606b0e9c4cd1378d
- SHA256: 549c105b7d69f9638fdde3b93531398e6ebaa2c7cf45b9af143d35bafd762ca7
- SHA512: a6f9821c74c9758e3c4c219be202c3920ec05075145aa36837182310b75727c9f303172b641180c705cb66b767ff6c79bc8594f47c0a62c977178cb6e78b615b
- SSDEEP: 196608:RJQC3NTj6yLtQAxJH1HFy7hEIz7qVyGYfmrfJDqsYYZdk98zde:RfTmyx1HFy1E27cY+4DiZzde
Malware Config
Signatures
- Checks if the Android device is rooted. (1 TTP, 2 IoCs)
  Processes: com.travel.koubei
  IoC /system/bin/su (process com.travel.koubei)
  IoC /system/xbin/su (process com.travel.koubei)
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps). (1 TTP)
- Queries information about running processes on the device. (1 TTP, 3 IoCs)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  Processes: com.travel.koubei, com.travel.koubei:pushservice, io.rong.push
  Framework service call android.app.IActivityManager.getRunningAppProcesses (process com.travel.koubei)
  Framework service call android.app.IActivityManager.getRunningAppProcesses (process com.travel.koubei:pushservice)
  Framework service call android.app.IActivityManager.getRunningAppProcesses (process io.rong.push)
- Queries information about the current nearby Wi-Fi networks. (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
  Processes: com.travel.koubei
  Framework service call android.net.wifi.IWifiManager.getScanResults (process com.travel.koubei)
- Acquires the wake lock. (2 IoCs)
  Processes: com.travel.koubei:pushservice, io.rong.push
  Framework service call android.os.IPowerManager.acquireWakeLock (process com.travel.koubei:pushservice)
  Framework service call android.os.IPowerManager.acquireWakeLock (process io.rong.push)
- Domain associated with commercial stalkerware software; includes indicators from echap.eu.org. (2 IoCs)
  Flow 9: alog.umeng.com
  Flow 39: alog.umeng.com
- Queries information about active data network. (1 TTP, 3 IoCs)
  Processes: com.travel.koubei, com.travel.koubei:pushservice, io.rong.push
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process com.travel.koubei)
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process com.travel.koubei:pushservice)
  Framework service call android.net.IConnectivityManager.getActiveNetworkInfo (process io.rong.push)
- Queries information about the current Wi-Fi connection. (1 TTP, 3 IoCs)
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Processes: com.travel.koubei, com.travel.koubei:pushservice, io.rong.push
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.travel.koubei)
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process com.travel.koubei:pushservice)
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo (process io.rong.push)
- Reads information about phone network operator. (1 TTP)
- Registers a broadcast receiver at runtime (usually for listening for system events). (1 TTP, 2 IoCs)
  Processes: com.travel.koubei, com.travel.koubei:pushservice
  Framework service call android.app.IActivityManager.registerReceiver (process com.travel.koubei)
  Framework service call android.app.IActivityManager.registerReceiver (process com.travel.koubei:pushservice)
- Checks CPU information. (2 TTPs, 1 IoC)
- Checks memory information. (2 TTPs, 1 IoC)
Processes
- com.travel.koubei
  - Checks if the Android device is rooted.
  - Queries information about running processes on the device
  - Queries information about the current nearby Wi-Fi networks
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
  - Checks CPU information
  - Checks memory information
  - Child process: /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- com.travel.koubei:pushservice
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
  - Registers a broadcast receiver at runtime (usually for listening for system events)
- io.rong.push
  - Queries information about running processes on the device
  - Acquires the wake lock
  - Queries information about active data network
  - Queries information about the current Wi-Fi connection
Network
MITRE ATT&CK Matrix
Downloads